Fedora: Security Advisory for moby-engine (FEDORA-2023-b9c1d0e4c5)

2023-09-1600:00:00

plugins.openvas.org

fedora

security

advisory

moby-engine

fedora-2023-b9c1d0e4c5

cve-2021-41803

cve-2023-28842

cve-2023-28841

cve-2023-28840

cve-2023-0845

cve-2023-26054

cve-2022-3064

cve-2022-40716

cve-2023-25173

vulnerability

docker

hardware-agnostic

platform-agnostic

lightweight container

package

update.

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

7.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.884783");
  script_version("2023-10-12T05:05:32+0000");
  script_cve_id("CVE-2021-41803", "CVE-2023-28842", "CVE-2023-28841", "CVE-2023-28840", "CVE-2023-0845", "CVE-2023-26054", "CVE-2022-3064", "CVE-2022-40716", "CVE-2023-25173");
  script_tag(name:"cvss_base", value:"7.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:C/A:C");
  script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-04-14 15:23:00 +0000 (Fri, 14 Apr 2023)");
  script_tag(name:"creation_date", value:"2023-09-16 01:15:09 +0000 (Sat, 16 Sep 2023)");
  script_name("Fedora: Security Advisory for moby-engine (FEDORA-2023-b9c1d0e4c5)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC39");

  script_xref(name:"Advisory-ID", value:"FEDORA-2023-b9c1d0e4c5");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'moby-engine'
  package(s) announced via the FEDORA-2023-b9c1d0e4c5 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Docker is an open source project to build, ship and run any application as a
lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest EC2 compute instance and
everything in between - and they don&#39, t require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.");

  script_tag(name:"affected", value:"'moby-engine' package(s) on Fedora 39.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC39") {

  if(!isnull(res = isrpmvuln(pkg:"moby-engine", rpm:"moby-engine~24.0.5~1.fc39", rls:"FC39"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);